As of 25 May 2018, all organisations must comply with the new European Privacy Legislation. What new responsibilities does this entail for the Data Protection Authority?
With regard to the General Data Protection Regulation, the media mainly focused on the substantial increase in the competence of the privacy regulator to impose fines. This in itself is not so strange, considering that the fines may be increased significantly: up to 20 million euros or 4% of the global annual turnover of a company. But there is more. The Data Protection Authority will, for instance, also be able to caution a company more easily than it can now. You may already be faced with a caution if, for example, your actions may violate the privacy rules. In the event of an actual breach, you may be reprimanded. Furthermore, in specific cases, the Data Protection Authority can ‘demand’ that companies in breach of the privacy legislation ensure compliance with privacy rules, for instance by deleting personal data.
Not all of these enforcement options are entirely new; however, everything is magnified and there is also a strong focus on mutual cooperation between the European Data Protection Authorities. Therefore, it is wise to carefully go through the extensive list of investigative powers and corrective measures stipulated in the European Privacy Legislation. It is expected that the risk of violating privacy rules will only increase. For a large part, this will be due to the increased use of data. The complexity of the strict privacy rules can also contribute to this. Good advice can help you avoid major problems. This also applies to the prevention of reputational damage or privacy claims by stakeholders and others. For your questions about the European Privacy Legislation, please contact the Van Doorne Privacy Team.
We also kindly invite you to our Breakfast Seminar on the GDPR on 23 November 2016.